Ivan is auditing a corporate website. Using Winhex, he alters a cookie as shown below.
Before Alteration: Cookie: lang=en-us; ADMIN=no; y=1 ; time=10:30GMT ;
After Alteration: Cookie: lang=en-us; ADMIN=yes; y=1 ; time=12:30GMT ;
What attack is being depicted here?
Cookie Stealing
Session Hijacking
Cross Site Scripting
Parameter Manipulation
Cookies are the preferred method to maintain state in the stateless HTTP protocol. They are, however, also used as a convenient mechanism to store user preferences and other data, including
session tokens. Both persistent and non-persistent cookies, secure or insecure, can be modified by
the client and sent to the server with URL requests. Therefore, any malicious user can modify
cookie content to his advantage. There is a popular misconception that non-persistent cookies
cannot be modified, but this is not true; tools like Winhex are freely available. SSL also
protects the cookie only in transit.